25 matches found

RedhatCVE
added 2026/01/09 8:58 a.m., 8 views

CVE-2023-45144

com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request are vulnerable to cross site scripting XSS and XWiki syntax...

CVSS 10, AI score 6.9, EPSS 0.04053
Exploits 0, References 1
Github Security Blog
added 2025/04/29 1:57 p.m., 10 views

org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability

Impact An open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirect to any URL. To reproduce, open /xwiki/bin/view/Main/?foo=bar&foosyntax=invalid&RequiresHTMLConversion=foo&xerror=https://www.example.com/ where is the...

CVSS 6.1, AI score 6.5, EPSS 0.00113
Exploits 1, References 5, Affected Software 1
Github Security Blog
added 2025/02/20 8:16 p.m., 32 views

XWiki Platform allows remote code execution as guest via SolrSearchMacros request

Impact Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to...

CVSS 9.8, AI score 9.8, EPSS 0.9366
Exploits 49, References 8, Affected Software 1
Github Security Blog
added 2024/12/12 7:21 p.m., 16 views

XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList

Impact Any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, as a connected user without script nor...

CVSS 9.9, AI score 7.8, EPSS 0.33391
Exploits 1, References 5, Affected Software 1
OSV
added 2024/12/12 7:21 p.m., 10 views

GHSA-2R87-74CX-2P7C XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList

Impact Any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, as a connected user without script nor...

CVSS 9.9, AI score 9.8, EPSS 0.33391
Exploits 1, References 5
Github Security Blog
added 2024/07/31 3:24 p.m., 22 views

XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

Impact Any user with edit right on any page can perform arbitrary remote code execution by adding instances of XWiki.SearchSuggestConfig and XWiki.SearchSuggestSourceClass to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki...

CVSS 9.9, AI score 8, EPSS 0.09745
Exploits 0, References 8, Affected Software 1
Vulnrichment
added 2024/04/10 9:55 p.m., 21 views

CVE-2024-31997 XWiki Platform remote code execution from account through UIExtension parameters

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. Th...

CVSS 9.9, AI score 7.6, EPSS 0.53681
Exploits 1, References 5
CVE
added 2024/04/10 7:53 p.m., 85 views

CVE-2024-31984

XWiki Platform contains a remote code execution (RCE) vulnerability in the Solr-based search when a document title is crafted in a specific way. Affected versions include 7.2-rc-1 through prior to 4.10.20, 15.5.4, and 15.10-rc-1. Successful exploitation allows an attacker who can edit a space tit...

CVSS 9.9, AI score 9.7, EPSS 0.60063
Exploits 1, References 8, Affected Software 1
Github Security Blog
added 2024/04/10 5:16 p.m., 31 views

XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

Impact The HTML escaping of the escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. To reproduce in an XWiki installation, open...

CVSS 10, AI score 7.7, EPSS 0.0805
Exploits 1, References 8, Affected Software 1
Prion
added 2023/12/15 7:15 p.m., 14 views

Remote code execution

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...

CVSS 6.8, AI score 7.2, EPSS 0.03256
Exploits 0, References 3, Affected Software 1
Cvelist
added 2023/12/15 7:02 p.m., 14 views

CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...

CVSS 9.9, AI score 9.8, EPSS 0.05391
Exploits 0, References 8
Cvelist
added 2023/12/15 7:02 p.m., 12 views

CVE-2023-50722 XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass

XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...

CVSS 9.6, AI score 9.5, EPSS 0.03256
Exploits 0, References 3
OSV
added 2023/11/20 9:01 p.m., 28 views

GHSA-8JPR-FF92-HPF9 Run Shell Command allows Cross-Site Request Forgery

Impact A cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack is comments. When the...

CVSS 9.6, AI score 9.5, EPSS 0.00772
Exploits 2, References 5
Github Security Blog
added 2023/10/25 9:09 p.m., 25 views

XWiki Platform XSS vulnerability from account in the create page form via template provider

Impact An attacker can create a template provider on any document that is part of the wiki (this could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation, which can be triggered by sending the user to a URL...

CVSS 9, AI score 7.6, EPSS 0.04811
Exploits 1, References 5, Affected Software 3
OSV
added 2023/10/25 9:09 p.m., 23 views

GHSA-GR82-8FJ2-GGC3 XWiki Platform XSS vulnerability from account in the create page form via template provider

Impact An attacker can create a template provider on any document that is part of the wiki (this could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation, which can be triggered by sending the user to a URL...

CVSS 9, AI score 9.3, EPSS 0.04811
Exploits 1, References 5
Github Security Blog
added 2023/10/25 9:08 p.m., 27 views

org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter

Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...

CVSS 9.9, AI score 7.1, EPSS 0.03734
Exploits 1, References 5, Affected Software 1
Prion
added 2023/10/25 8:15 p.m., 21 views

Cross site scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

CVSS 6.8, AI score 9.1, EPSS 0.70688
Exploits 1, References 3, Affected Software 1
Vulnrichment
added 2023/10/25 7:36 p.m., 13 views

CVE-2023-45136 XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...

CVSS 9.6, AI score 7.6, EPSS 0.70688
Exploits 1, References 3
Vulnrichment
added 2023/10/25 5:33 p.m., 21 views

CVE-2023-37912 XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of org.xwiki.platform:xwiki-core-rendering-macro-footnotes and org.xwiki.platform:xwiki-rendering-macro-footnotes and prior to version 15.1-rc-1 of...

CVSS 9.9, AI score 7.9, EPSS 0.09887
Exploits 1, References 3
CVE
added 2023/06/29 8:44 p.m., 88 views

CVE-2023-36468

CVE-2023-36468 affects XWiki Platform. The advisory describes that upgrading to a fixed version does not always prevent exploitation: appending rev=1.1 to the reproduction URL can still trigger remote code execution despite patches. Patches exist in XWiki 14.10.7 and 15.2RC1, which force old revi...

CVSS 9.9, AI score 9.6, EPSS 0.09239
Exploits 1, References 4, Affected Software 1